similar to: Re: Problems routing mail to particular interface

We currently use iptables, matching packets based on IP address and marking them with an ID. Multiple IP addresses can be marked with the same ID. We then filter based on the ID. We have close to 2000 filters now and I''m looking into hashing tables. Is there any way to create a hashing filter based on the fwmark? Paul C. Diem PCDiem@FoxValley.net

Hi all. I have a simple question. Is that a way to limit the number os TCP or UDP connection of a single HOST in my network? For exemple: I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and Bittorrent at the same time, and he also is infected by a virus that opens more than 500 TCP ports at the same time. So, i want to limit that host to be able to open no more then 30 TCP

how to use iproute/iptables to balance by packet OUTBOUND traffic between 2 PPP (pptp cable modem and pppoe adsl modem) links to the same ISP . also by using the fact that the ISP dosen''t filter source IP address - meaning i can use either PPP''s link assigned IP address as the source IP in the ip header.., it works for both devices.., what i want to achive is : when uploading a

Hello everyone, I want an opinion from people who tryed different matching modules to match diferent types of traffic, especially p2p ones. I would like to hear which scales better as CPU usage and latency : ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use one of them to block most of p2p (except maybe dc++ and emule which i want to shape). I would use the matching rules in

I''ve got a linux router pushing 600-1000 pppoe connections through it. I''m getting a screen error "Neighbor Table Overflow" after this box has been up for between 1 week and 1 month. When this is happening, routing slows to a crawl if at all. Then dies. I''ve added: # Added to stop "neighbor table overflow" messages in the kernel

Hi, Just a question, the rate values use for configure a class, are they a IP rate or a Ethernet rate ? Thanks, Edouard. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hi all, I''m trying to set up a computer with 2 routes to the internet, much as described at http://lartc.org/howto/lartc.rpdb.multiple-links.html .One of my interfaces (eth5, 192.168.2.2) is only used for traffic originating inside the network. The other (eth1, 192.168.1.2) is only used for a VPN, where all (udp) traffic originates from outside our network. I have created a second

Hi guys , i am starting to "play" with qos in linux. Well , i am trying to setup an ingress filter but i do not know why it is not working. tc add qdisc dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 160kbit burst 256kbit drop flowid :1 After that : iptables -A PREROUTING -t mangle --sport 80 -j MARK --set-mark 1 So , i think this

Sorry for the long descritpion of the problem, I''d like to know If I misunderstand something or if I meet an intrinsic limit of my setup. 217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10 eth0: 192.168.254.1 -----+------------------+------- 81.121.243.250 ADSL eth3 - I want to allow incoming pptp request (port 1723) to be forwarded to srv_xp

Hello I have 2 class-B networks (172.22.0.0/16 and 172.23.0.0/16, over 130k of ip''s) and need to setup traffic tbf shapers with 64kb/s for each ip from 172.22.0.0/16 and 128kb/s for each ip from 172.23.0.0/16 just read lartc and don''t understand how to use u32 for decreasing number of rules and hashing

Hi all! I''ve got 2 (soon 3) internet connection. 1 - via ADSL, 2(and3) via ppp My network: http://desima.objectis.net/network-diag linux1: user1.user2 eth0=192.168.1.1 ppp0=192.168.5.2( gw 192.168.5.1) gw=192.168.1.2 ( thru ADSL) compA=192.168.1.6 compB=192.168.1.15 gw2=192.168.1.217 via ppp to different ISP All works for compA and CompB, user1 should use default gw(192.168.1.2)

Hi, I have 2 internet connections (1 adsl/1 cable). I am try to route all outgoing mail from the mail server (on the same box), through the ADSL connection routing through the cable will mean mail will get rejected by AOL :( I am using qmail as the mail server. The configuration is: eth0 : cable connection ppp0 : adsl connection eth2 : internal lan connection I have configured split access as

Hello all, We have two ADSL lines configured on a single box, hence interfaces ppp0 & ppp1. Is there a way to route packets to ppp0, say based on destination port 80 & other traffic like voice through ppp1? Thanks.

Hi, I''ve been wondering if anyone has thought of a way to differentiate between an established http download and interactive http traffic? I would like to give interactive http traffic priority over someone downloading large files. Has anyone any ideas how to detect packets that are part of a download like this? Thanks. _______________________________________________

hi currently i am using redhat enterprise linux 5 for multi gateway routing with 5 internet connection on static ip and all is working fine, now i want to use 5 adsl lines with dynamic ip but there is no doc. in lartc and in nano''s how to for dynamic ip, so can u plz help me out thanks in advance nilesh chouhan __________________________________________________ Do You Yahoo!?

Hi All, I''ve got server with one LAN card eth0 ip=10.0.0.5 default access t ointernety done through ADSL router gw 10.0.0.1 we got second internet access through another ADSL router gw 10.0.0.2 I want to send all e-mail out through gw 10.0.0.2 How it can be done? I''ve tried to mark packets: iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 0x1 and ip ru add

Hi all! I have a problem setting up HTB on my home network. I have a network: 192.168.1.0/24 and I want to limit the download to 200 KB to every IP from my city ( I have the IP''s of most ISPs). The thing is that I I want to limit the international traffic too (I do not use BGP) and set it to 15 KB. Can someone help with this setup? Thanks! Best regards, -- George -- This message

Hello! I need assistance to solve my problem related to traffic shaping based on the user ids. The problem: each unix user (of the linux host) has to be limited with incoming channel (internet) bandwidth. I need this to implement internet access solution based on ltsp (http://www.ltsp.org). As far as I know the best way to shape traffic in linux is CBQ. But there is no filter based on unix

Hi, I have Mandrake 10.0 (official). I have read the section in lartc about "Routing for multiple uplinks/providers", but still I have some queries below. I have a DSL connection where they give pppoe which is directly terminated into eth1 of my Linux box. Now I have another machine connected to dial-up and it is on same LAN connected to eth0 of Linux box. Now, can I use both these

Hi there, I have a little problem. I had this some months ago but didn''t solve it back then. I have patched my kernel with Layer 7 support and patched my iptables to support it, too. Now I inserted this line in my firewall script on my router for testing purpose: $IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7 --l7proto http -j DROP It works, BUT only if the